Many years ago, someone mentioned at a congress that Apache has an interesting feature: if Apache doesn't know a file extension, it will just take the next one. If someone saves a file called "evil.php.ab", Apache does not know what to do with the extension ".ab". So it skips that extension and uses the next one: the file "evil.php.ab" is treated as "evil.php" and gets executed.
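The skip-unknown-extension behaviour described above can be checked for in an upload directory. The following is an added example, not code from the original post: it models only the resolution rule as the paragraph states it, and the extension sets, function names and sample filenames are constructed assumptions.

```python
# Assumption: extensions this hypothetical server has a mapping for.
KNOWN = {"php", "html", "jpg", "png", "txt"}
# Assumption: extensions that are handed to an interpreter.
EXECUTABLE = {"php"}


def extensions(filename):
    """Return all dot-separated segments after the base name, lower-cased."""
    return filename.lower().split(".")[1:]


def effective_extension(filename, known=KNOWN):
    """Walk extensions right to left and return the first known one,
    skipping unknown ones as the paragraph above describes."""
    for ext in reversed(extensions(filename)):
        if ext in known:
            return ext
    return None


def hidden_executable(filename, known=KNOWN, executable=EXECUTABLE):
    """True when the final extension is not executable, but skipping
    unknown extensions still resolves to an executable one."""
    parts = extensions(filename)
    if not parts or parts[-1] in executable:
        return False
    return effective_extension(filename, known) in executable


def has_executable_segment(filename, executable=EXECUTABLE):
    """Stricter upload policy: flag an executable extension in any position."""
    return any(ext in executable for ext in extensions(filename))


def audit(filenames):
    """Return the names that only execute because of the skip behaviour."""
    return [name for name in filenames if hidden_executable(name)]


# Constructed sample of uploaded file names.
SAMPLE = ["photo.jpg", "evil.php.ab", "index.php",
          "report.txt.ab", "shell.PHP.xyz.ab", "evil.php.jpg"]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:18} effective={effective_extension(name)!s:5} "
              f"hidden={hidden_executable(name)} "
              f"strict={has_executable_segment(name)}")
```

An upload filter built on `has_executable_segment` rejects more than the audit reports, which is the safer default when the server's real extension mappings are not known exactly.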

In my research into the update mechanisms of open-source software, I found vulnerabilities in Oracle's VirtualBox. It's possible to compromise a system behind a firewall by infiltrating the updates of Extension Packs.

Certificate Transparency is a great idea. All certificate-related activities of a certificate authority are logged in a public database (it's a Merkle tree), so that anyone can monitor or review the certificates. Comodo published a very handy web tool to query the logs.

The first day of the 33c3 was fantastic. There were great talks (among others) about "Certificate Transparency", "Nintendo Hacking", "IPv6-Scanning" and "PHP7 Issues". I saw wicked, funny and amazing installations. People celebrate their obsession for tech with a lot of respect for each other. This congress is like being in another dimension (or time?) and absolutely works for me.